Spam Pushes Malware Disguised As Screensavers

The spam messages they show all advertise "3D BeST Screensaver" or "3D Flsh screen$aver" or something similar, and say "Download for free" with a link. The pages to which the links take you are well executed and look professional.

In Sunbelt's initial analysis, the malware was very poorly detected by popular antivirus programs. Only 7 of the 32 programs in the company's VirusTotal scan detected anything (follow Sunbelt's links for more details). This will surely have improved by the time you read this, as all those companies have samples.

The site on which the malware is hosted is a strange one. It sells war memorabilia for the U.S. Civil War, the World Wars, and "Indian Wars" (as in India, not the American West). The company that owns the site is located in Pakistan. Sunbelt Software says the malware pages seem to be installed through a compromise, but there's no real effort to hide them.